Reputation: 2197
We are using an Azure B2C tenant to deal with our logins for our Azure app, which has a couple of instances (primary/secondary) which are in different geolocations. Previously a user would hit primary or secondary based on their geolocation, such that a single user would likely stick with whichever instance they hit for the whole of their session (unless one died and failed over).
We have recently switched to a load-balanced way of routing the user (after some Azure downtime) to each of these App Services, and we are now getting a number of Audience Validation Failed errors, because - as far as I can see - the user is initially hitting the redirect to the B2C login from, say, primary, logging in, and then being load balanced back to the secondary (other) app service, such that the application IDs (one for each app service), which are controlled in the B2C tenant, are incorrect, hence the error.
We are using the AddAzureAdB2C lifted from one of the B2C how-tos, which wraps OpenIdConnect.
Is there any way of dealing with this so that any login can happen on either of the app services, maybe by having a shared audience or some such?
Upvotes: 0
Views: 67
Reputation: 14724
If it is the same app that is deployed behind a common domain (e.g. mywebapp.trafficmanager.net) to multiple services (e.g. mywebappeu.azurewebsites.net and mywebappus.azurewebsites.net), then you should create a single app in Azure AD B2C and configure both app services with that one application ID.
Upvotes: 1
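The failure the question describes and the fix the answer proposes can be seen in the relying party's token check itself. The following Python example is added here; it is not code from the question, the answer, or the AddAzureAdB2C helper. It models the audience check an OpenID Connect middleware performs on the id_token: the instance that starts the login puts its own client_id in the authorize request, B2C issues a token whose `aud` is that client_id, and the instance that receives the callback rejects the token unless `aud` matches the client_id it was configured with. The issuer URL, client IDs, user and signing key are constructed placeholders; real B2C tokens are RS256-signed with the tenant's published keys, and the HS256 stand-in is used only so the example runs offline.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed stand-in for the tenant's signing key (real B2C uses RS256 with
# published JWKS keys; HS256 with a local secret keeps this example offline).
SIGNING_KEY = b"constructed-demo-key-not-a-real-tenant-secret"
# Hypothetical issuer; a real one is https://<tenant>.b2clogin.com/<tenant-id>/v2.0/
ISSUER = "https://contosob2c.b2clogin.com/00000000-0000-0000-0000-000000000000/v2.0/"


class TokenValidationError(Exception):
    pass


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_id_token(client_id: str, sub: str = "user-1", lifetime: int = 3600) -> str:
    """Mint a B2C-shaped id_token. `aud` is the client_id that started the login."""
    header = {"alg": "HS256", "typ": "JWT"}
    now = int(time.time())
    claims = {"iss": ISSUER, "aud": client_id, "sub": sub, "iat": now, "exp": now + lifetime}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(claims).encode())}"
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def validate_id_token(token: str, expected_client_id: str) -> dict:
    """Relying-party checks: alg pinned, signature, issuer, expiry, then audience."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise TokenValidationError("malformed token")
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":  # never trust the alg the token declares
        raise TokenValidationError("unexpected alg")
    expected_sig = hmac.new(SIGNING_KEY, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(s)):
        raise TokenValidationError("bad signature")
    claims = json.loads(_b64url_decode(p))
    if claims.get("iss") != ISSUER:
        raise TokenValidationError("issuer mismatch")
    if claims.get("exp", 0) <= time.time():
        raise TokenValidationError("token expired")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if expected_client_id not in audiences:
        raise TokenValidationError(
            f"Audience validation failed: token aud={aud!r}, this instance expects {expected_client_id!r}"
        )
    return claims


def simulate_login(login_instance_client_id: str, callback_instance_client_id: str) -> str:
    """Login starts on one instance; the load balancer may deliver the callback to another.

    Returns "ok" when the callback instance accepts the token, otherwise the error text.
    """
    token = issue_id_token(login_instance_client_id)
    try:
        validate_id_token(token, callback_instance_client_id)
        return "ok"
    except TokenValidationError as exc:
        return str(exc)


if __name__ == "__main__":
    # Before: one app registration per App Service -> fails whenever the callback
    # lands on the other instance.
    print(simulate_login("app-primary", "app-secondary"))
    # After: both instances configured with the single shared registration.
    print(simulate_login("app-shared", "app-shared"))
```

With two registrations the outcome depends on which instance the load balancer picks for the callback, which is why the errors appeared only after the routing change. With a single registration shared by both instances, `aud` always matches, and the redirect URI registered in B2C should be the common domain the answer mentions rather than the per-instance hostnames.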